Re: Security Measures

From: MARK BRINSMEAD <mark.brinsmead_at_gmail.com>
Date: Tue, 7 Apr 2015 09:12:51 -0400
Message-ID: <CAAaXtLDr6FcQw9V3qPtXXmQHoDgw=xVnLpt+kYLKMbkem0s54w_at_mail.gmail.com>



Wow. Now *that* is an open-ended question.

I'm not sure what you mean by "secure legally", but let's leave that for now.

Database security -- or computer security in general -- is mostly a *business* decision. If I were to set my mind to it, I could probably make my databases super-duper-unbelievably-secure, but in doing so I could easily end up spending millions of dollars and might in the end produce a database (or computer system) that is next to unusable.

Your first step is -- or at least should be -- to identify your business requirements, regulatory compliance obligations, and corporate policies, and then design and implement a security policy that meets them.

There are really no absolutes, and no universal truths. Even simple sounding things like "always keep up with security patches" cannot be applied globally, nor without buy-in/support from the business. (Not unless you want to spend your weekends working for free to install patches that the business is unwilling to pay you to install.) In fact, even where it comes to patches, some businesses have constraints that actually *preclude* the installation of patches without first taking extreme measures to obtain approval. One example that comes to mind would be applications used for medical testing -- the software and database configurations are certified by the US government (FDA) and cannot be changed, for any reason, without their prior approval. Installing security updates *could* require the entire system to be re-certified.

Perhaps a better question is "what do you do to motivate business leadership to take more interest and make more appropriate investments in security?".

On Tue, Apr 7, 2015 at 2:26 AM, walid kaakati <dmarc-noreply_at_freelists.org> wrote:

> Hallo List,
>
>
> I would like to know what security measures you apply other than Auditing
> to ensure that your database is secure and that you, as a DBA, have done your
> homework and you are secure legally.
>
> Best wishes for all !,
>

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Apr 07 2015 - 15:12:51 CEST
